Aurora attackers were looking for Google’s surveillance database

When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists.

What they didn’t make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists.

Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown.

It is widely believed (though never unequivocally confirmed) that hackers were hired by the Chinese government, and current and former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance.

Armed with such information, Chinese intelligence agencies might decide to extract the suspected operatives, or instruct them to provide false information aimed at deceiving U.S. intelligence agents.

The theory is also backed by an earlier claim by Dave Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, who said that the Aurora attacks directed at Microsoft were aimed at discovering similar information regarding Microsoft accounts.

“If you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case,” he shared with the attendees of a government IT conference.

As usual, the Chinese deny having anything to do with the attacks, and the U.S. government has also decided not to comment on these claims. Google followed suit, and Aucsmith commented the publication of the article by saying that his comments were “not meant to cite any specific Microsoft analysis or findings about motive or attacks.”